About

  • Exploit for the CVE-2021-25741 vulnerability
  • ~hostPath for everyone without any restriction: allows mounting the node filesystem inside a new pod with read-write privileges

Pre-requisites

  • The right to create pods with volumes
  • Kubelet version:
    • v1.22.0 - v1.22.1
    • v1.21.0 - v1.21.4
    • v1.20.0 - v1.20.10
    • <= v1.19.14
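
To check a cluster against the version list above, the following added example (not part of this repository) flags nodes whose kubelet falls in the affected ranges. It assumes input shaped like the output of `kubectl get nodes -o json` and compares only the upstream major.minor.patch, so a distribution build that carries a backported fix has to be verified separately; the function names and sample nodes are constructed for illustration.

```python
import json
import re

# Affected kubelet ranges as listed in the pre-requisites above:
# minor version -> highest affected patch. Anything <= v1.19.14 is affected too.
AFFECTED_MAX_PATCH = {22: 1, 21: 4, 20: 10}
LAST_AFFECTED_LEGACY = (19, 14)

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_kubelet_version(raw):
    """Return (major, minor, patch); suffixes such as '+k3s1' are ignored."""
    m = _VERSION_RE.match(raw.strip())
    if not m:
        raise ValueError(f"unrecognised kubelet version: {raw!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(raw):
    """True if the version falls inside one of the ranges listed on this page."""
    major, minor, patch = parse_kubelet_version(raw)
    if major != 1:
        return major < 1
    if minor in AFFECTED_MAX_PATCH:
        return patch <= AFFECTED_MAX_PATCH[minor]
    return (minor, patch) <= LAST_AFFECTED_LEGACY


def affected_nodes(node_list_json):
    """Map node name -> kubelet version for every node in an affected range."""
    hits = {}
    for node in json.loads(node_list_json).get("items", []):
        version = node["status"]["nodeInfo"]["kubeletVersion"]
        if is_affected(version):
            hits[node["metadata"]["name"]] = version
    return hits


def _node(name, version):
    return {"metadata": {"name": name},
            "status": {"nodeInfo": {"kubeletVersion": version}}}


# Constructed sample input (not taken from a real cluster).
SAMPLE = json.dumps({"items": [
    _node("node-a", "v1.21.4"), _node("node-b", "v1.21.5"),
    _node("node-c", "v1.20.10+k3s1"), _node("node-d", "v1.18.20"),
    _node("node-e", "v1.22.2"), _node("node-f", "v1.23.0"),
]})

if __name__ == "__main__":
    for name, version in affected_nodes(SAMPLE).items():
        print(f"{name}: kubelet {version} is in an affected range")
```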

Go further: [security google blog]

Now let's get some exploit! 🧨

./IWAS #IWantAShell

As simple as that!

Demo

Why fork a working PoC for an old k8s version?

  • Because I was working on it and I missed a little detail, so I want to dig into it again (play with k8s, volumes, etc.)
  • Provide a pretty wrapper for the PoC that directly provides a shell
  • Old/deprecated versions never existed in production environments (did they?!!)